GCSE coursework lost in cyber attack on Bridport school

Image copyrightSir John Colfox AcademyImage caption The Sir John Colfox Academy has about 1,000 pupils

Hackers have used ransomware to encrypt files at a school, causing it to lose some students’ GCSE coursework.

The Sir John Colfox Academy in Bridport, Dorset, said a member of staff mistakenly opened an email containing a virus.

The email claimed to be from a colleague at another Dorset school and infected the computer network.

Coursework from one subject submitted by Year 11 students, which was saved on the school’ system, has been lost.

Head teacher David Herbert said: “We are liaising with the relevant exam boards about this specific issue.”

Mr Herbert added a police expert “has advised us that it is very unlikely that any school information has left the building and we are not compromised in that way”.

“Personal data relating to staff, students and parents is not held on this system and is secure,” he said.

Analysis

by BBC technology reporter Jane Wakefield

Hackers are highly qualified when it comes to finding ways to infect machines and so-called ransomware has become one of the most popular ways for cyber criminals to make money.

In a typical attack, malicious software is installed on a victim’s computer – typically via a link that is sent in an email – and will then proceed to encrypt all the files on it.

To get the data back, the victim will be asked to pay a ransom, often in cryptocurrency, within a certain timeframe.

data-ad-format="auto">

Unfortunately, schools and other public institutions, such as hospitals, have become regular victims because hackers think they will be less likely to have good cyber-practices.

Falling victim can be hugely damaging to reputation – and a school which has lost GCSE coursework as a result of an attack will have some explaining to do to parents and pupils.

All of this could be simply avoided with some straightforward steps. Backing-up data on an external drive, keeping anti-virus software up to date and educating anyone who uses the network to not open unsolicited emails or click on suspicious links.